1. Technical Field
The present invention relates to computer networks, and more particularly to a method and system for setting the value of the Type of Service (TOS) field of an IP datagram according to the Application Level protocol used by Socks data in an end user workstation attached to an Internet Protocol (IP) network.
2. Description of the Related Art
Internet
The Internet is a global network of computers and computer networks (the "Net"). The Internet connects computers that use a variety of different operating systems or languages, including UNIX, DOS, Windows, Macintosh, and others. To facilitate and allow communication among these various systems and languages, the Internet uses a language referred to as TCP/IP ("Transmission Control Protocol/Internet Protocol"). The TCP/IP protocol supports three basic applications on the Internet:
(1) transmitting and receiving electronic mail,
(2) logging into remote computers ("Telnet"), and
(3) transferring files and programs from one computer to another ("FTP" or "File Transfer Protocol").
TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is used to establish an interconnection of networks that provide universal communication services: an internetwork, or internet. Each physical network has its own technology dependent communication interface (in the form of a programming interface) that provides basic communication functions between the physical network and the user applications. The architecture of the physical networks is hidden from the user. TCP/IP also provides interconnection between different physical networks to form what appears to the user to be one large network.
TCP is a transport layer protocol providing end-to-end data transfer and is responsible for providing a reliable exchange of information between networked computer systems. Multiple applications can be supported simultaneously over one TCP connection between two computer systems.
IP is an internetwork layer protocol hiding the physical network architecture below it. Part of the exchange of messages between computers is a routing function that ensures that messages are correctly directed within the network and delivered to their destination. IP provides this routing function. An IP message is called an IP datagram.
Application Level protocols are utilized in addition to TCP/IP to transfer user and application data from a computer system to a destination computer system. Examples of such Application Level protocols include File Transfer Protocol (FTP), Telnet, Gopher, Hyper Text Transfer Protocol (HTTP).
IP Router
A "router" is a computer that interconnects two networks and forwards messages from one network to the other. Routers select the best transmission path between networks using the IP layer of the TCP/IP protocol stack, so that any host (or computer) or workstation running TCP/IP over more than one interface could, in theory, forward messages between networks. Because IP implements basic routing functions, the term "IP router" is often used. However, dedicated network hardware routers can provide more sophisticated routing functions than the minimum functions implemented in IP.
World Wide Web
With the increasing size and complexity of the Internet, tools that are often called navigators or navigation systems have been developed to help find information on the network. Navigation systems include standards such as Archie, Gopher and, most well-known, the World Wide Web ("WWW" or "the Web"). In addition to serving as an Internet-based navigation system, the Web is also an information distribution and management system for the Internet. The Web provides an end user with a seamlessly integrated format of information, including still images, text, audio and video. A user on the Web using a graphical user interface may transparently communicate with different host computers on the system, different system applications, and different information formats for files and documents including text, sound, and graphics.
Hypermedia
The Web uses hypertext and hypermedia. Hypertext is a subset of hypermedia and refers to computer-based "documents" in which readers move from one place to another in a document, or to another document, in a non-linear manner. To accomplish this, the Web uses a client-server architecture. Web servers enable a user to access hypertext and hypermedia information through the Web and the user's computer. (The user's computer is referred to as a client computer of the Web server computers.) Clients send requests to Web servers, which react, search, and respond. The Web allows client application software to request and receive hypermedia documents (including formatted text, audio, video and graphics) with hypertext link capabilities to other hypermedia documents, from a Web file server. The Web, thus, can be viewed as a collection of document files residing on Web host computers that are interconnected by hyperlinks using networking protocols, forming a virtual "web" that spans the Internet.
Uniform Resource Locators
A resource of the Internet is unambiguously identified by a Uniform Resource Locator (URL), which is a pointer to a particular resource at a particular location. A URL specifies the protocol used to access a server (e.g. HTTP, FTP, . . . ), the name of the server, and the location of a file on that server.
Hyper Text Transfer Protocol
Each Web page that appears on client monitors of the Web may appear as a complex document that integrates, for example, text, images, sounds and animation. Each such page may also contain hyperlinks to other Web documents so that a user at a client computer using a mouse may click on icons and may activate hyperlink jumps to a new page (which is a graphical representation of another document file) on the same or a different Web server.
A Web server is a software program on a Web host computer that answers requests from Web clients, typically over the Internet. All Web servers use a Hyper Text Transfer Protocol (HTTP) to communicate with Web clients. All types of data can be exchanged among Web servers and clients using HTTP, including Hyper Text Markup Language (HTML), graphics, sound and video. HTML describes the layout, contents and hyperlinks of the documents and pages. When browsing, a Web client converts user specified commands into HTTP GET requests, connects to the appropriate Web server to retrieve information, and waits for a response. The response from the server can be the requested document or an error message.
Browser
A Web client is also referred to as a Web browser, since it in fact browses documents retrieved from the Web server. After receiving data from a server, a Web client formats and presents the data or activates an ancillary application such as a sound player to present the data. To do this, the server or the client identifies the various types of data received.
Intranet
Some companies use a mechanism similar to the Web to communicate inside their own corporation. Such a mechanism is called an "Intranet". These companies use the same networking/transport protocols and locally based Web servers to provide access to vast amounts of corporate information in a cohesive fashion. As this data may be private to the corporation, and because the members of the company still require access to public Web information, they protect the access to their network by using a special protective system called a "firewall".
Firewall
A Firewall protects one or more intranet computers having Internet connections from access by external computers connected to the Internet. A firewall is a network configuration, usually created by hardware and software, that forms a boundary separating the networked computers within the firewall from those outside the firewall. The computers within a firewall form a secure sub-network with internal access capabilities and shared resources not available to outside computers.
Access to both internal and external computers is often controlled by a single machine comprising the firewall. Since this firewall computer directly interacts with the Internet, strict security measures against unwanted access from external computers are required.
Firewalls are commonly used to protect information such as electronic mail and data files within a physical building or an organization site. A firewall reduces the risk of intrusion by unauthorized people from the Internet by utilizing "proxies" or "socks" to control the access to information from each side of the firewall.
Proxy Server
An HTTP proxy is a special server that typically runs in conjunction with firewall software and allows access to the Internet from within a firewall. Access through a proxy server is performed as follows. First the proxy server waits for a request (an HTTP request for example) from inside the firewall and forwards the request to the remote server outside the firewall. The proxy server then reads the response and sends it back to the client.
A single computer can run multiple servers, each server connection identified by a port number. A proxy server, like an HTTP server or an FTP server, occupies a port. Typically, a connection uses standardized port numbers for each protocol (for example, HTTP=80 and FTP=21). For this reason, an end user must select a specific port number for each defined proxy server. Web browsers usually allow an end user to set the host name and port number of the proxy servers in a customization panel. Protocols such as HTTP, FTP, Gopher, WAIS, and Security usually have designated proxies.
Socks and Socks Server
Socks is a protocol which encapsulates Application Level protocols (for instance FTP, Telnet, Gopher, HTTP). Using Socks, the Application Level traffic between a system running a socks client software and a system running a socks server software is encapsulated in a virtual socks tunnel between both systems. Socks is primarily used by systems within an Intranet in order to gain a secure access to systems located outside the Intranet.
A Socks server acts as a relay between the systems within the Intranet and the systems outside the Intranet, hiding the internal systems from the external Internet, and is therefore one possible form of firewall. A socks server (also called a socks gateway) is a software entity that allows computers inside a firewall to gain access to the Internet. A socks server is usually installed on a server positioned either inside or on the firewall. To reach the Internet, computers within a firewall access the socks server as socks clients. Web browsers usually permit an end user to set the host name and port number of the socks servers in a customizable panel. In some operating systems, the socks server is specified in a separate file (e.g. a socks.conf file). Socks servers act as a protocol layer underneath the standard TCP/IP application protocols (HTTP, FTP, ...), and therefore cannot decode these protocol layers to determine what kind of data is being transferred.
Dispatcher System
When multiple Firewalls are used to gain access to systems outside the Intranet, a dedicated device called a "Dispatcher System" is often used within the Intranet for dispatching the traffic to these multiple Firewalls. The main goal of the dispatcher system is to balance the load across the multiple Firewalls. For instance, when a very powerful Firewall and a smaller Firewall are available, more traffic should be dispatched to the very powerful Firewall than to the smaller one. Such dispatcher systems are either dedicated hardware devices, or software components installed on an existing network device (such as an IP Router).
More detailed explanations regarding the technical field as presented in the above sections can be found in the following publications incorporated herewith by reference:
"TCP/IP Tutorial and Technical Overview" by Martin W. Murhammer, Orcun Atakan, Stefan Bretz, Larry R. Pugh, Kazunari Suzuki, David H. Wood, International Technical Support Organization, October 1998, GG24-3376-05.
"Java Network Programming" by Elliotte Rusty Harold, published by O'Reilly, February 1997.
"Internet in a Nutshell" by Valerie Quercia, published by O'Reilly, October 1997.
"Building Internet Firewalls" by Brent Chapman and Elizabeth Zwicky, published by O'Reilly, September 1995.
A problem arises in differentiating IP datagrams transporting Socks data according to the Application Level protocol carried within that Socks data. The Socks protocol is a form of encapsulation of Application Level traffic such as HTTP, FTP, and Telnet. When Socks servers are used within an Intranet to provide secure access to systems located outside the Intranet, IP routers and network devices within this Intranet only see and handle Socks traffic. As a consequence, all Application Level protocols such as HTTP, FTP, and Telnet encapsulated by Socks are treated alike within the TCP/IP network.
When multiple Socks servers are used within the Intranet to access systems outside the Intranet, a dedicated device called a "dispatcher system" is often used for dispatching the traffic to these multiple Socks servers. The purpose of the dispatcher system is mainly to balance the load across the multiple Socks servers. For instance, when a larger Socks server and a smaller Socks server are both available, more traffic can be dispatched to the larger Socks server than to the smaller one.
In a Socks environment, the dispatcher system usually only sees and processes Socks traffic and is unable to distinguish the Application Level protocol which is encapsulated by Socks. As a consequence, all Application Level protocols such as HTTP, FTP, and Telnet are treated alike by the dispatcher system. To solve this problem, the dispatcher system and any other IP network devices, such as IP routers, can use the TOS field in the header of IP datagrams comprising Socks data. For example, based on the TOS field, interactive Telnet traffic can be processed by a dispatcher system with a higher priority than batch FTP traffic. This Telnet traffic can be dispatched to a high capacity Socks server while the FTP traffic is dispatched to a lower capacity Socks server.
It would therefore be useful to set the value of the TOS field in IP datagrams comprising Socks data, according to the Application Level protocol used in the IP datagrams. Current solutions to address this problem include the following.
The TOS field can be set by a network device according to the protocol of the TCP data transported in the IP datagrams. That protocol is identified by the destination port field of the TCP header within the IP datagram. The major drawback of this approach is that in a Socks environment, the protocol of the TCP data transported in IP datagrams is always the Socks protocol. As a consequence, the TOS field always has the same value, the one which corresponds to the Socks protocol. The TOS field is therefore not representative of the Application Level protocol of the Socks data. For example, IP datagrams transporting HTTP, FTP, or Telnet data over Socks all have the same TOS value. The TOS field cannot be used to differentiate the IP datagrams according to the Application Level protocol of the Socks data, since this field always has the same single value.
Alternatively, the TOS field can be set by the end user originating the Socks connection. Since the end user workstation originates the Socks connection, it knows which Application Level protocol is used by the Socks data, and can therefore set the TOS field accordingly. The main drawback is that the end user workstation requires specific software to set the TOS field according to the Application Level protocol. This specific software needs to be installed on all end user workstations originating Socks data. For large populations of end users, this means that a large number of end user workstations must be updated with this specific software. This is a time consuming and costly operation.
Furthermore, the association between TOS field values and Application Level protocols is performed at the end user level. This may result in inconsistencies when, for example, policies are applied within the same network. One end user workstation may set a TOS value of 7 for the Telnet protocol while another end user workstation may set a TOS value of 5 for the same Telnet protocol. As a consequence, the same Application Level protocol may be handled differently within the network depending on the end user workstation originating the Socks data.
A method and system for setting the value of a type of service field in an Internet Protocol (IP) datagram in accordance with an application level protocol are disclosed herein. The IP datagram is transmitted within a socks connection from a source application on a source device. The IP datagram includes a source IP address field in an IP header and a source port field in a Transmission Control Protocol (TCP) header. In accordance with the method of the present invention, a source address of the source device is retrieved from the source IP address field of an incoming IP datagram. An application address of the source application is retrieved from the source port field of the incoming IP datagram. A type of service value has previously been associated with the retrieved source address and the retrieved application address. That type of service value is then determined and written to the type of service field within the IP datagram.
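The following Python is an added example written for this page, not code from the patent: it illustrates the method just summarized (retrieve the source IP address and source port from an incoming datagram, look up the associated type of service value, write it to the TOS field) and, alongside it, why the destination-port approach described above cannot differentiate Socks traffic, since every datagram carries the same Socks destination port. The Socks port 1080, the addresses, ports and TOS values in the association table, and the datagram layout are all constructed sample values assumed for the example.

```python
import struct

SOCKS_PORT = 1080  # well-known Socks port; assumed here, not stated on the page

# Constructed association table: (source IP, source TCP port) -> TOS value.
# The patent associates a TOS value with a source device and source application;
# these entries are sample values for the example only.
TOS_TABLE = {
    ("10.0.0.5", 40001): 7,  # e.g. an interactive Telnet session over Socks
    ("10.0.0.5", 40002): 5,  # e.g. a batch FTP transfer over Socks
}

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IP header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_datagram(src_ip, dst_ip, src_port, dst_port, payload=b"") -> bytes:
    """Constructed IPv4 + TCP datagram (TOS=0, no options) for the example."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4,
                      0x18, 8192, 0, 0) + payload
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     src, dst)
    return ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:] + tcp

def classify(datagram: bytes):
    """Retrieve source IP, source port and destination port from the headers."""
    ihl = (datagram[0] & 0x0F) * 4
    src_ip = ".".join(str(o) for o in datagram[12:16])
    src_port, dst_port = struct.unpack("!HH", datagram[ihl:ihl + 4])
    return src_ip, src_port, dst_port

def set_tos(datagram: bytes) -> bytes:
    """Write the TOS value associated with (source IP, source port).
    The destination port is deliberately ignored: in a Socks environment it is
    always SOCKS_PORT, so it cannot tell Telnet from FTP. Datagrams with no
    association are returned unchanged."""
    src_ip, src_port, _ = classify(datagram)
    tos = TOS_TABLE.get((src_ip, src_port))
    if tos is None:
        return datagram
    ihl = (datagram[0] & 0x0F) * 4
    hdr = bytearray(datagram[:ihl])
    hdr[1] = tos
    hdr[10:12] = b"\x00\x00"  # checksum must be recomputed after the change
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + datagram[ihl:]
```

A device applying this in practice must also recompute the IP header checksum, as set_tos does, or downstream routers will discard the rewritten datagram.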
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.